[lxc-devel] [lxd/master] lxc/remote: Use candid if supported
stgraber on Github
lxc-bot at linuxcontainers.org
Thu Feb 28 10:12:21 UTC 2019
A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 354 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20190228/251001ab/attachment.bin>
-------------- next part --------------
From 5ad177307d18f9b142156c3cbc89c86b6ebe85b5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Thu, 28 Feb 2019 11:09:16 +0100
Subject: [PATCH] lxc/remote: Use candid if supported
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
lxc/remote.go | 41 ++++++++++++++++++++++++++++++++++++-----
1 file changed, 36 insertions(+), 5 deletions(-)
diff --git a/lxc/remote.go b/lxc/remote.go
index 6bc6417103..f1c02b5409 100644
--- a/lxc/remote.go
+++ b/lxc/remote.go
@@ -130,10 +130,6 @@ func (c *cmdRemoteAdd) Run(cmd *cobra.Command, args []string) error {
c.flagProtocol = "lxd"
}
- if c.flagAuthType == "" {
- c.flagAuthType = "tls"
- }
-
// Initialize the remotes list if needed
if conf.Remotes == nil {
conf.Remotes = map[string]config.Remote{}
@@ -211,7 +207,7 @@ func (c *cmdRemoteAdd) Run(cmd *cobra.Command, args []string) error {
// Finally, actually add the remote, almost... If the remote is a private
// HTTPS server then we need to ensure we have a client certificate before
// adding the remote server.
- if rScheme != "unix" && !c.flagPublic && c.flagAuthType == "tls" {
+ if rScheme != "unix" && !c.flagPublic && (c.flagAuthType == "tls" || c.flagAuthType == "") {
if !conf.HasClientCertificate() {
fmt.Fprintf(os.Stderr, i18n.G("Generating a client certificate. This may take a minute...")+"\n")
err = conf.GenerateClientCertificate()
@@ -236,6 +232,9 @@ func (c *cmdRemoteAdd) Run(cmd *cobra.Command, args []string) error {
return err
}
+ remote := conf.Remotes[server]
+ remote.AuthType = "tls"
+ conf.Remotes[server] = remote
return conf.SaveConfig(c.global.confPath)
}
@@ -309,6 +308,38 @@ func (c *cmdRemoteAdd) Run(cmd *cobra.Command, args []string) error {
return err
}
+ // If not specified, default authentication to Candid
+ if c.flagAuthType == "" {
+ if !srv.Public && shared.StringInSlice("candid", srv.AuthMethods) {
+ c.flagAuthType = "candid"
+
+ // Update the remote configuration
+ remote := conf.Remotes[server]
+ remote.AuthType = c.flagAuthType
+ conf.Remotes[server] = remote
+
+ // Re-setup the client
+ d, err = conf.GetContainerServer(server)
+ if err != nil {
+ return err
+ }
+
+ d.(lxd.ContainerServer).RequireAuthenticated(false)
+
+ srv, _, err = d.(lxd.ContainerServer).GetServer()
+ if err != nil {
+ return err
+ }
+ } else {
+ c.flagAuthType = "tls"
+
+ // Update the remote configuration
+ remote := conf.Remotes[server]
+ remote.AuthType = c.flagAuthType
+ conf.Remotes[server] = remote
+ }
+ }
+
if !srv.Public && !shared.StringInSlice(c.flagAuthType, srv.AuthMethods) {
return fmt.Errorf(i18n.G("Authentication type '%s' not supported by server"), c.flagAuthType)
}
More information about the lxc-devel
mailing list